Cyberattacks have become a pervasive threat to individuals, businesses, societies, and worldwide economic growth. The turbulent global geopolitical and geoeconomic environment — one that includes the possibility of a fragmented cyberspace — is also complicating the development and rollout of promising next-generation technologies.
These ideas are driven home in the World Economic Forum's (WEF) "Global Risks Report 2020," which positions cyberattacks as the seventh most-likely and eighth most-impactful risks, and the second most-concerning risk, for global business over the next 10 years. Given that revenue, profits, and brand reputation of major firms are on the line, critical infrastructure is exposed, and nation-states are cyber-warring with each other, the stakes have never been higher.
1 Million People Join the Internet Every Day
Without question, the world is embracing digital at an astonishing rate. According to the WEF report, more than half of the world's population is online. A million additional users hop aboard the Internet daily. Two-thirds of humanity carry a smartphone or some other mobile device.
As a result, data has become the fuel of the digital economy. Cisco's "VNI Forecast 2017 –2022" predicts that by 2021, IP traffic will hit 3.3 zettabytes annually — in gigabytes, that's roughly the same as all the movies ever made zipping through the globe's IP networks every minute. In reality, it means there can be zero tolerance for failure or outages.
To be sure, the modern miracles of 5G networks, quantum computing, artificial intelligence — and the world's growing reliance on the availability of network services and cloud computing — are creating huge opportunities. But they also introduce systemic risks. Large-scale blackouts can have gargantuan consequences, erode trust, dampen economic growth, exacerbate geopolitical rivalries, and create even more yawning gaps in societies.
Cyberattacks Are Expected to Increase This Year
When asked to describe the "short-term risk outlook"("short-term" being the next 12 months) 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of top five global threats — outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).
These days, cybercrime is a highly lucrative underground venture. The notorious Dark Web provides a place to do business, the marketplace where demand shakes hands with supply. The ever-changing cybercrime-as-a-service model offers up a cornucopia of online skullduggery ranging from distributed denial-of-service (DDoS) attacks and malware to massive pilfered data sets on demand. Today, participating in cybercrime is as easy as legal e-commerce.
The WEF assumes that taking down a single cloud provider could already generate between $50 billion and $120 billion in economic harm — comparable to the financial carnage resulting from Hurricane Sandy and Hurricane Katrina.
The Perils of Digital Innovation
So-called Industry 4.0 technologies are inherently vulnerable to a variety of cyberattacks — from data theft and ransomware to sabotage, each with potentially globally harmful outcomes. Operational technologies are at greater risk, since cyberattacks could cause more traditional kinetic impacts as technology (for example, production lines, logistics) is extended into the physical realm to form cyber-physical systems. However, employing "security-by-design" thinking to incorporate cybersecurity features into new products still plays second fiddle to getting products to market fast.
The Internet of Things (IoT) introduces another layer of worry, as it has the potential to amplify the cyberattack surface by an order of magnitude. There are an estimated 21 billion IoT devices worldwide, and various analysts predict that number will double by 2025. Not surprisingly, attacks on IoT devices ballooned by more than 300% in the first half of 2019, according to the WEF report. In September 2019, IoT devices were harnessed to take down Wikipedia through a DDoS attack, and industry pundits fully expect use of this attack methodology to increase. The WEF report wraps up by saying that, by next year, the cost of cybercrime might reach $6 trillion, according to Cybersecurity Ventures — equal to the gross domestic product of the world's third-largest economy.
Information Infrastructure Collapse Fated the Sixth Most-Impactful Risk Until 2030
Cyberattacks on critical infrastructure — rated in 2020 as the WEF's fifth top risk — are the new normal in sectors including energy, healthcare, and transportation. Some attacks have affected entire cities. The public and private sectors alike vulnerable to being held hostage. Well-organized cybercrime groups are uniting, and the likelihood of rooting them out and bringing them to justice is estimated to be as low as 0.05% in the United States, the WEF concludes. Cybercrime-as-a-service is another popular business model, since the growing sophistication of hacking tools for sale on the Dark Web has made online crime cheaper and easily accessible to almost anyone.
The world's reliance on digital technologies is changing the landscape of international and national security and bring three urgent questions to the fore. How do we protect critical infrastructure, uphold societal values, and prevent the escalation of state-on-state conflicts? More and more, digital tools are playing a key role in asymmetric warfare, enabling smaller countries and non-state actors to attack far larger and better-funded states. Viruses, ransomware, and DDoS attacks created to serve as cyber weapons have been tweaked by bad actors after being released into cyberspace. Today, cyberspace is another military domain that has sparked an entirely new and rapidly evolving arms race.
It's a positive sign that cybersecurity has finally attained the awareness it deserves and is on the radar of the world's leaders. Organizations can do their best to safeguard themselves against the vulnerabilities mentioned, but the days when cybersecurity was IT's role alone are a thing of the past. Today, cybersecurity is a strategic risk whose implementation and management demands commitment from every corner office on the planet.
Global leaders must commit to taking action beyond uttering fine-sounding words at Davos. Corporate governance models need to be rebuilt from the ground up. The CISO role merits far more attention in corporate boardrooms. In the digital age, every business decision will have a cybersecurity implication in one way or another. More collaborative approaches to tackling cyber threats — whether it's a coordinated effort among peers within an industry, or public-private partnerships that support information exchange between law enforcement, the legislative branch, and the private sector.